3.0.2 • Published 10 months ago
@otterhttp/rate-limit v3.0.2
@otterhttp/rate-limit
Basic rate-limiting middleware for tinyhttp. Used to limit repeated requests to public APIs and/or endpoints such as password reset.
Install
pnpm i @otterhttp/rate-limit
Usage
import { App } from '@otterhttp/app'
import { rateLimit } from '@otterhttp/rate-limit'
new App().get('limited-route', rateLimit({ max: 10, windowMs: 60 * 1000 /* 1 minute */ }), (_, res) =>
res.send('Limited route')
)
Options
Name | Type | Default | Description |
---|---|---|---|
windowMs | number | 5000 | Timeframe for which requests are checked/remembered. |
max | number | ((req: Request, res: Response) => Promise) | 5 | Max number of connections during windowMs before sending a 429 response. |
message | string | Too many requests, please try again later. | Error message sent to user when max is exceeded. |
statusCode | number | 429 | HTTP status code returned when max is exceeded. |
skipFailedRequests | boolean | false | When set to true, failed requests won't be counted. |
skipSuccessfulRequests | boolean | false | When set to true successful requests (response status < 400) won't be counted. |
keyGenerator | (req: Request, res: Response) => string | (req) => req.ip | Function used to generate keys. |
shouldSkip | (req: Request, res: Response) => boolean | () => false | Determine per request if it should be skipped by the middleware |
onLimitReached | onLimitReached: (req: Request, res: Response) => void | () => {} | Function that is called the first time a user hits the rate limit within a given window. |
store | Store | MemoryStore | By default a MemoryStore is used. Rate Limit Redis, Rate Limit Memcached and Rate Limit Mongo can be used too. |